Rust standard library is vulnerable to a critical severity flaw that can be exploited on Windows targets. Tracked as CVE-2024-24576, the vulnerability has been given a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on a targeted Windows system. The vulnerability is being called BatBadBut.
Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)
Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.
Microsoft Patch Tuesday, April 2024 Security Update Review
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s April 2024 edition addressed 155 vulnerabilities, including three … Continue reading “Microsoft Patch Tuesday, April 2024 Security Update Review”
Ivanti Neurons for ITSM Authenticated Remote File Write Vulnerability (CVE-2023-46808)
Ivanti Neurons for ITSM is vulnerable to a critical flaw tracked as CVE-2024-46808. Successful exploitation of the vulnerability may allow an attacker to write files to sensitive directories.
Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)
Atlassian released its Monthly Security Bulletin for March, which addressed 24 high-severity vulnerabilities and one critical-severity vulnerability (CVE-2024-1597). CVE-2024-1597 is a SQL injection vulnerability in the Atlassian Bamboo Server and Data Center. The vulnerability has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an … Continue reading “Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)”
Ivanti Patches Remote Code Execution Vulnerability in Standalone Sentry (CVE-2023-41724)
NATO Cyber Security Centre researchers have discovered a critical severity vulnerability impacting the Ivanti Standalone Sentry. Tracked as CVE-2023-41724 is given a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands.
FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2023-48788)
Fortinet addressed a critical severity vulnerability impacting the FortiClient Enterprise Management Server. Tracked as CVE-2023-48788, the vulnerability may allow an attacker to achieve code execution on affected systems. The vulnerability has been given a CVSS score of 9.3.
FortiOS & FortiProxy Out-of-bounds Write Vulnerability in Captive Portal (CVE-2023-42789 & CVE-2023-42790)
Fortinet has released a patch to address two vulnerabilities impacting FortiOS and FortiProxy. Tracked as CVE-2023-42789 & CVE-2023-42790, the vulnerabilities are given a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerabilities may allow an attacker to execute unauthorized code.
Microsoft Patch Tuesday, March 2024 Security Update Review
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address many CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s March 2024 edition addressed 64 vulnerabilities, including two critical and 58 … Continue reading “Microsoft Patch Tuesday, March 2024 Security Update Review”
QNAP Patches Critical Vulnerabilities Impacting NAS Devices (CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901)
Multiple NAS devices, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, are vulnerable to three critical severity flaws. Tracked as CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901, the vulnerabilities could allow authenticated administrators to inject malicious code via a network that compromises the system’s security.